Apache2 virtual hosts run as different users

apache-2.2 virtualhost

I am fairly Apache2 savvy, but have been tasked at my job to do the following:

Server currently has two vhosts. (Two totally separate clients)
I was asked if I could create a user account by which one of the clients would be able to have basically jailed FTP or SFTP (preferably) access only to their files.

The way the vhosts are currently laid out is that they both reside in:
(client1 & 2 are obviously pseudonyms for the real names)
/home/web/client1, and
/home/web/public_html (client2)
NOTE: All directories just listed are all web:web for owner:group. (I know this is going to have to change to achieve my desired outcome.)

My thoughts were to create a new user (call it, client1) and move their webroot to /home/client1/public_html and then set them up with an rssh account so that they can SFTP into their stuff only.

Where things start to get a bit more complicated for me is now I will have two different user accounts owning their respective web content directories and files and need Apache to be able to work for both, plus allowing that jailed access for the one client.

So, how do I set up each vhost so that the web server will serve up both sites?
Do I need to do a chown client1:www-data in client1's public_html dir as well as chown client2:www-data or am I not even on the right track here?

As you can see, the problem actually is multi-faceted. So, try to be as verbose as possible with relation to both the vhost issue and the jailing issue.

Thanks folks.

Best Answer

If this is a real issue for you (I'm not certain that it is, though, because Apache effectively 'jails' access via normal directives per vhost) and you really want to nail the issue once and for all, you may consider using aliased IPs and totally separate Apache instances bound to their respective IPs only. For example, client 1's Apache is bound to IP address 192.168.0.11:80 (eth0:0), and client 2's goes to 192.168.0.12:80 (eth0:1), etc.

This will work, and it'll allow you to totally separate those instances and do whatever you want. Hope this helps.
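
A sketch of the two-instance layout this answer describes, added here as an example and not taken from the original answer: each instance gets its own config file, listens only on its own aliased IP, and runs as the account that owns that client's docroot. The config file names and the PID, lock and log paths are assumptions; only the directives that must differ per instance are shown, with module loading and the remaining global settings assumed identical in both files.

```apache
# ---- client1.conf (hypothetical file name): instance for client 1 ----
# Bind only to the first aliased IP (eth0:0)
Listen 192.168.0.11:80
# Worker processes drop to the client's own account
User  client1
Group client1
# Per-instance runtime files so the two instances never collide (assumed paths)
PidFile  /var/run/apache2-client1.pid
LockFile /var/lock/apache2-client1.lock
ErrorLog /var/log/apache2/client1-error.log
DocumentRoot /home/client1/public_html
<Directory /home/client1/public_html>
    AllowOverride None
    # Apache 2.2 access-control syntax
    Order allow,deny
    Allow from all
</Directory>

# ---- client2.conf (hypothetical file name): instance for client 2 ----
# Bind only to the second aliased IP (eth0:1)
Listen 192.168.0.12:80
# client 2's files are owned by web:web in the question's current layout
User  web
Group web
PidFile  /var/run/apache2-client2.pid
LockFile /var/lock/apache2-client2.lock
ErrorLog /var/log/apache2/client2-error.log
DocumentRoot /home/web/public_html
<Directory /home/web/public_html>
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
```

Each instance is started against its own file with httpd's `-f` option. Because the workers run as different accounts, file permissions such as mode 0750 on each home directory keep one client's Apache processes from reading the other client's files.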
